    def test_label_contains(self):
        """label_contains yields one TriggerNode per trigger word found in the node label.

        Three cases are covered: a label with no trigger word, a label
        matched by two distinct trigger words (results in trigger-word order,
        all pointing back at the same CFG node), and a trigger-word list with
        duplicates and an overlapping word, each of which yields its own node.
        """
        # No trigger word occurs in the label: nothing is yielded.
        plain_node = Node('label', None, line_number=None, path=None)
        found = list(vulnerabilities.label_contains(plain_node, [Source('get')]))
        self.assert_length(found, expected_length=0)

        # Both 'request' and 'get' occur in the label; the yielded TriggerNodes
        # follow the order of the trigger-word list and reference call_node.
        call_node = Node('request.get("stefan")',
                         None,
                         line_number=None,
                         path=None)
        words = [Sink('request'), Source('get')]
        found = list(vulnerabilities.label_contains(call_node, words))
        self.assert_length(found, expected_length=2)
        for trigger_node, expected_word in zip(found, ('request', 'get')):
            self.assertEqual(trigger_node.trigger_word, expected_word)
            self.assertEqual(trigger_node.cfg_node, call_node)

        # Repeated trigger words ('get' twice) and an overlapping one ('get(')
        # are not collapsed: three words, three TriggerNodes.
        call_node = Node('request.get("stefan")',
                         None,
                         line_number=None,
                         path=None)
        words = [Source('get'), Source('get'), Sink('get(')]
        found = list(vulnerabilities.label_contains(call_node, words))
        self.assert_length(found, expected_length=3)
    def test_build_sanitiser_node_dict(self):
        """build_sanitiser_node_dict maps a sink's declared sanitisers to the CFG nodes using them.

        Builds the CFG of examples/vulnerable_code/XSS_sanitised.py, declares
        a 'replace' sink whose only sanitiser is 'escape', and expects the
        resulting dict to hold exactly that one key, with the function CFG's
        node at index 3 as its first sanitising node.
        """
        self.cfg_create_from_file('examples/vulnerable_code/XSS_sanitised.py')
        cfgs = [self.cfg]

        # NOTE(review): FrameworkAdaptor is expected to extend cfgs in place
        # (cfgs[1] is read right after); index 0 remains the module-level CFG.
        FrameworkAdaptor(cfgs, [], [], is_flask_route_function)
        function_cfg = cfgs[1]

        # The sink only needs to carry its sanitiser list; the node it is
        # attached to is a placeholder with no label or location.
        placeholder_node = Node(None, None, line_number=None, path=None)
        replace_sink = Sink.from_json('replace', {'sanitisers': ['escape']})
        sinks = [vulnerabilities.TriggerNode(replace_sink, placeholder_node)]

        sanitisers = vulnerabilities.build_sanitiser_node_dict(function_cfg, sinks)

        self.assert_length(sanitisers, expected_length=1)
        self.assertIn('escape', sanitisers)
        self.assertEqual(sanitisers['escape'][0], function_cfg.nodes[3])